package auctionhaus

import org.springframework.dao.DataIntegrityViolationException
import grails.plugins.springsecurity.Secured
import org.codehaus.groovy.grails.plugins.springsecurity.SpringSecurityUtils

class CustomerController {

    static allowedMethods = [save: "POST", update: "POST", delete: "POST"]
    def customerCreateService

    def springSecurityService

    @Secured(['ROLE_ADMIN'])
    def index() {
        redirect(action: "list", params: params)
    }

    @Secured(['ROLE_ADMIN'])
    def list() {
        params.max = Math.min(params.max ? params.int('max') : 10, 100)
        [customerInstanceList: Customer.list(params), customerInstanceTotal: Customer.count()]
    }

   def create() {
        [customerInstance: new Customer(params)]
    }

   def save() {

         if (params.password.length() > 8 || params.password.length() < 6)
         {
             flash.message = message(code: 'password.length.invalid')
             render(view: "create")
             return;
         }

         Customer c = customerCreateService.createCustomer(params)

         if (c.hasErrors())
         {
            render(view: "create", model: [customerInstance: c])
         }
         else
         {
            flash.message = message(code: 'default.created.message', args: [message(code: 'customer.label', default: 'Customer'), c.id])
            redirect(action: "show", id: c.id)
         }
   }

    @Secured(['ROLE_USER'])
    def show() {

        def customerInstance = Customer.get(params.id)

        if (customerInstance &&
            (customerInstance.email == springSecurityService.principal.username ||
            SpringSecurityUtils.ifAllGranted("ROLE_ADMIN")))
        {
            if (springSecurityService.getAuthentication())

                if (!customerInstance) {
                    flash.message = message(code: 'default.not.found.message', args: [message(code: 'customer.label', default: 'Customer'), params.id])
                    redirect(action: "list")
                    return
                }

            [customerInstance: customerInstance]
        }
        else
        {
            redirect(controller: "login", action: 'denied')
        }
    }

    @Secured(['ROLE_ADMIN'])
    def edit() {
        def customerInstance = Customer.get(params.id)
        if (!customerInstance) {
            flash.message = message(code: 'default.not.found.message', args: [message(code: 'customer.label', default: 'Customer'), params.id])
            redirect(action: "list")
            return
        }

        [customerInstance: customerInstance]
    }

    @Secured(['ROLE_ADMIN'])
    def update() {
        def customerInstance = Customer.get(params.id)
        if (!customerInstance) {
            flash.message = message(code: 'default.not.found.message', args: [message(code: 'customer.label', default: 'Customer'), params.id])
            redirect(action: "list")
            return
        }

        if (params.version) {
            def version = params.version.toLong()
            if (customerInstance.version > version) {
                customerInstance.errors.rejectValue("version", "default.optimistic.locking.failure",
                          [message(code: 'customer.label', default: 'Customer')] as Object[],
                          "Another user has updated this Customer while you were editing")
                render(view: "edit", model: [customerInstance: customerInstance])
                return
            }
        }

        customerInstance.properties = params

        if (!customerInstance.save(flush: true)) {
            render(view: "edit", model: [customerInstance: customerInstance])
            return
        }

		flash.message = message(code: 'default.updated.message', args: [message(code: 'customer.label', default: 'Customer'), customerInstance.id])
        redirect(action: "show", id: customerInstance.id)
    }

    @Secured(['ROLE_ADMIN'])
    def delete() {
        def customerInstance = Customer.get(params.id)
        if (!customerInstance) {
			flash.message = message(code: 'default.not.found.message', args: [message(code: 'customer.label', default: 'Customer'), params.id])
            redirect(action: "list")
            return
        }
        if(customerInstance.listings && customerInstance.listings.size() != 0)
        {
            flash.message = message(code: 'customer.still.has.listings.message', args: [message(code: 'customer.label', default: 'Customer')])
            redirect(action:  "show", id: params.id)
            return
        }
        if (Bid.findByBidder(customerInstance) != null)
        {
            flash.message = message(code: 'customer.still.has.bids.message', args: [message(code: 'customer.label', default: 'Customer')])
            redirect(action:  "show", id: params.id)
            return
        }

        try {
            customerInstance.delete(flush: true)
			flash.message = message(code: 'default.deleted.message', args: [message(code: 'customer.label', default: 'Customer'), params.id])
            redirect(action: "list")
        }
        catch (DataIntegrityViolationException e) {
			flash.message = message(code: 'default.not.deleted.message', args: [message(code: 'customer.label', default: 'Customer'), params.id])
            redirect(action: "show", id: params.id)
        }
    }
}
